Clayton State University recognizes that information and information systems are critical to business functions. It is the responsibility of all users to ensure the safeguarding of business assets as our front line of defense. Information Security works with the Departments of Information Technology and Services in achieving its strategic vision as a partner to the campus community and educator in security awareness and training.
What is Information Security?
The term Information Security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
The Department of Information Security supports the mission of Clayton State University by building a culture of security awareness and risk management to protect the privacy, confidentiality, integrity, and availability of student, faculty, and staff information in partnership with Data Governance:
- Confidentiality: Preventing the intentional or unintentional unauthorized disclosure of data.
- Integrity: ensuring no modifications to data by unauthorized personnel or processes and ensuring internal and external data are consistent and accurate.
- Availability: ensuring the reliable and timely access to data or computing resources by personnel.
What is Cybersecurity?
Cybersecurity is protecting information and information systems by preventing, detecting, and responding to attacks.
The cybersecurity landscape continues to change with threat actors becoming more aggressive in their attacks. Information Security is committed to securing the University’s information assets by creating a more educated and secure campus through institutional partnerships.
Cybersecurity is EVERYONE'S responsibility.
Learn to identify common techniques
Phishing is a malicious practice used to trick unsuspecting individuals into sharing personal information by using fraudulent emails and claiming to be from reputable companies.
Ways to spot a Phish:
- Phishing emails may contain improper grammar or spelling.
- Look for interesting, emotional pleas asking you to take any action, such as clicking a link.
- Be aware phishing emails disguise themselves as popular sites such as in banking or
- (Example: www.banofamerika.com)
- An email requesting sensitive information—never give personally identifiable information.
Caught a PHISH??? Send it to the PHISHTANK!!! ~ email@example.com
- Highlight the suspected phish (single left click).
- Click on print, then select PDF.
- Select Print.
- Save PDF in the desired location.
- Send phish PDF as an attachment to firstname.lastname@example.org.
Remember, Lakers! Cybersecurity is a team endeavor.
- Cybersecurity starts with YOU and is everyone’s responsibility.
- Ask for Help - Contact the HUB—(678) 466-4357.
- Contact Information Security—email@example.com
For more information go to Phish Tank webpage.
Identity management is an important aspect of information technology security. Employee
logins are requested by Human Resources at the time of hire and are terminated when
Human Resources notifies ITS the person is no longer employed. Accounts will not be
created without Human Resources requesting them.
All users, whether internal, external, or temporary, and their activity on all IT systems should have User Ids that:
- are uniquely identifiable
- are enabled through appropriate authentication mechanisms.
- are assigned access rights to all systems and data in line with defined and documented business needs and job requirements.
- are only requested by user management, approved by system owners, and implemented by the appropriate local security administrator.
For more information go to Identity Management webpage.
Cybersecurity Awareness Training
Must be completed by all Faculty and Staff
Cybersecurity awareness training is mandated by the Board of Regents in accordance with the USG IT Handbook: 5.9.2 Security Awareness, Training and Education Requirements for all users who access information or information systems. The University System of Georgia (USG) cannot ensure the confidentiality, integrity, and availability of the data asset until each person in the university system understands their roles and responsibilities and all data users have completed training to perform these tasks.
Awareness training will be conducted, attendance is mandatory, completion is documented and will provide practical and simple guidance pertaining to user roles and responsibilities. The governor’s directive for bi-annual cyber training is to achieve high standards system-wide and diligence in the protection and privacy of all data assets managed on a day-to-day basis.
All users of information technology owned or managed by CLSU must immediately report suspected information security incidents (including but not limited to virus infections and computers exhibiting behavior consistent with a compromised machine) to the HUB:
• Events, incidents, and potential breaches (i.e., lost/stolen laptop or external
thumb drive) to the HUB at (678) 466-4357 or firstname.lastname@example.org.
• In events, incidents, and potential/confirmed breaches involving Clayton State University data stored, accessed, managed, or otherwise used by a vendor, the CIO/ Information Security (IS) will involve Legal Counsel, Chief Data Officer, and Procurement Services to provide guidance and to determine if there is also a breach of contract that needs to be pursued. Incidents involving vendors, Information Security and/or the vendor will notify USG Cybersecurity through the Enterprise Service Desk email@example.com at 706-583-2001, or 1-888-875-3697 (Toll free within Georgia).
• Events, incidents, and potential breaches reported to Clayton State personnel by vendors must report the incident to USG Cybersecurity through the Enterprise Service Desk firstname.lastname@example.org at 706-583-2001, or 1-888-875-3697 (Toll free within Georgia) and the HUB at (678) 466-4357 or email@example.com.